From 475c15f77b60531c7af9cf2863fdd52a3288348b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 22 Dec 2022 22:23:30 +0000 Subject: [PATCH 01/25] chore(deps): bump actions/checkout from 3.1.0 to 3.2.0 (#5) --- .github/workflows/_build.yaml | 2 +- .github/workflows/codeql-analysis.yaml | 2 +- .github/workflows/pr-conventional-commits.yaml | 2 +- .github/workflows/release.yaml | 6 +++--- .github/workflows/scorecards-analysis.yaml | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/_build.yaml b/.github/workflows/_build.yaml index 6f63131a5..d3087ef10 100644 --- a/.github/workflows/_build.yaml +++ b/.github/workflows/_build.yaml @@ -51,7 +51,7 @@ jobs: steps: - name: Check out repository - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 with: fetch-depth: 0 diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml index a212720e5..a0c6684ae 100644 --- a/.github/workflows/codeql-analysis.yaml +++ b/.github/workflows/codeql-analysis.yaml @@ -40,7 +40,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - name: Set up Python ${{ matrix.python }} uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984 # v4.3.0 diff --git a/.github/workflows/pr-conventional-commits.yaml b/.github/workflows/pr-conventional-commits.yaml index 867b75697..0e308b27b 100644 --- a/.github/workflows/pr-conventional-commits.yaml +++ b/.github/workflows/pr-conventional-commits.yaml @@ -25,7 +25,7 @@ jobs: steps: - name: Check out repository - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 with: fetch-depth: 0 
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 761051fc1..c9c00e74e 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -38,7 +38,7 @@ jobs: steps: - name: Check out repository - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 with: fetch-depth: 0 token: ${{ secrets.REPO_ACCESS_TOKEN }} @@ -88,7 +88,7 @@ jobs: steps: - name: Check out repository - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 with: fetch-depth: 0 @@ -183,7 +183,7 @@ jobs: steps: - name: Check out repository - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2 with: fetch-depth: 0 diff --git a/.github/workflows/scorecards-analysis.yaml b/.github/workflows/scorecards-analysis.yaml index d9ccafb34..0538ceeec 100644 --- a/.github/workflows/scorecards-analysis.yaml +++ b/.github/workflows/scorecards-analysis.yaml @@ -29,7 +29,7 @@ jobs: steps: - name: Check out repository - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 with: persist-credentials: false From 8d7bf31ce86781d1ad44596661d2cefdb858dea6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 22 Dec 2022 22:25:35 +0000 Subject: [PATCH 02/25] chore(deps-dev): update packaging requirement (#6) --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 6d0db25f2..b2a07b5b7 100644 --- a/pyproject.toml +++ b/pyproject.toml 
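Review bot: In the third release.yaml hunk (`@@ -183,7 +183,7 @@`) the pin moves to `755da8c3cf115ac066823e79a1e1788f8940201b`, but the trailing comment still reads `# v3.0.2`, while every other hunk in this patch labels that same SHA `# v3.2.0`. The version comment is what a reviewer reads to check a SHA pin against an upstream release, so a stale label weakens the audit value of the pin. The new line should read `uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0`. The later checkout bump in this series (PATCH 18/25, same hunk position in release.yaml) carries `# v3.0.2` forward next to the new SHA and needs the same correction to `# v3.3.0`.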
@@ -25,7 +25,7 @@ dependencies = [ "requests >=2.28.0,<3.0.0", "pydriller >=2.0,<3.0.0", "yamale >=4.0.3,<5.0.0", - "packaging >=21.3,<22.0.0", + "packaging >=21.3,<23.0.0", "jinja2 >=3.1.2,<4.0.0" ] keywords = [] From e125006305be4a1b6ad815058a453bf0dedf6d93 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 22 Dec 2022 22:27:43 +0000 Subject: [PATCH 03/25] chore(deps): bump ossf/scorecard-action from 2.0.6 to 2.1.2 (#8) --- .github/workflows/scorecards-analysis.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards-analysis.yaml b/.github/workflows/scorecards-analysis.yaml index 0538ceeec..f2b1af4de 100644 --- a/.github/workflows/scorecards-analysis.yaml +++ b/.github/workflows/scorecards-analysis.yaml @@ -34,7 +34,7 @@ jobs: persist-credentials: false - name: Run analysis - uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # v2.0.6 + uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2 with: results_file: results.sarif results_format: sarif From 3b3b8ae4fe2c4b7903fc692a4f71f69ed5493a89 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 22 Dec 2022 22:28:31 +0000 Subject: [PATCH 04/25] chore(deps): bump github/codeql-action from 2.1.31 to 2.1.37 (#9) --- .github/workflows/codeql-analysis.yaml | 4 ++-- .github/workflows/scorecards-analysis.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml index a0c6684ae..3653e5823 100644 --- a/.github/workflows/codeql-analysis.yaml +++ b/.github/workflows/codeql-analysis.yaml 
@@ -55,7 +55,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@c3b6fce4ee2ca25bc1066aa3bf73962fda0e8898 # v2.1.31 + uses: github/codeql-action/init@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2.1.37 with: languages: ${{ matrix.language }} config-file: .github/codeql/codeql-config.yaml @@ -68,4 +68,4 @@ jobs: # queries: ./path/to/local/query, your-org/your-repo/queries@main - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@c3b6fce4ee2ca25bc1066aa3bf73962fda0e8898 # v2.1.31 + uses: github/codeql-action/analyze@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2.1.37 diff --git a/.github/workflows/scorecards-analysis.yaml b/.github/workflows/scorecards-analysis.yaml index f2b1af4de..9be1a1196 100644 --- a/.github/workflows/scorecards-analysis.yaml +++ b/.github/workflows/scorecards-analysis.yaml @@ -56,6 +56,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@c3b6fce4ee2ca25bc1066aa3bf73962fda0e8898 # v2.1.31 + uses: github/codeql-action/upload-sarif@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2.1.37 with: sarif_file: results.sarif From bcbcb1e61a23404535a839f61d57a1d103410a93 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 22 Dec 2022 22:29:27 +0000 Subject: [PATCH 05/25] chore(deps-dev): update pylint requirement (#11) --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index b2a07b5b7..c94bd8847 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -64,7 +64,7 @@ dev = [ # Exclude pip-audit v2.4.9 because it has a bug. # See https://github.com/pypa/pip-audit/commit/22d7e4c7f5acd20852c57b52b46e861a716ab09f. "pip-audit >=2.4.8,<3.0.0,!=2.4.9", - "pylint >=2.9.3,<2.15.8", + "pylint >=2.9.3,<2.15.10", "cyclonedx-bom >=3.5.0,<4.0.0", ] docs = [ 
From 47390b507c7e783cc65a9b0c4ac818feb2a495d3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 22 Dec 2022 22:29:36 +0000 Subject: [PATCH 06/25] chore(deps-dev): update hypothesis requirement (#10) --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index c94bd8847..73d22432e 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -78,7 +78,7 @@ hooks = [ ] # Note that the `custom_exit_code` and `env` plugins may currently be unmaintained. test = [ - "hypothesis >=6.21.0,<6.58.2", + "hypothesis >=6.21.0,<6.61.1", "pytest >=7.2.0,<8.0.0", "pytest-custom_exit_code >=0.3.0,<1.0.0", "pytest-cov >=4.0.0,<5.0.0", From 6c7f6b1f820c87acfd9834d120b5c66dcb412c71 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 22 Dec 2022 22:38:11 +0000 Subject: [PATCH 07/25] chore(deps): bump actions/setup-python from 4.3.0 to 4.4.0 (#7) --- .github/workflows/_build.yaml | 2 +- .github/workflows/codeql-analysis.yaml | 2 +- .github/workflows/pr-conventional-commits.yaml | 2 +- .github/workflows/release.yaml | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/_build.yaml b/.github/workflows/_build.yaml index d3087ef10..f4c997f03 100644 --- a/.github/workflows/_build.yaml +++ b/.github/workflows/_build.yaml @@ -56,7 +56,7 @@ jobs: fetch-depth: 0 - name: Set up Python - uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984 # v4.3.0 + uses: actions/setup-python@5ccb29d8773c3f3f653e1705f474dfaa8a06a912 # v4.4.0 with: python-version: ${{ matrix.python }} diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml index 3653e5823..58c446184 100644 --- a/.github/workflows/codeql-analysis.yaml +++ b/.github/workflows/codeql-analysis.yaml 
@@ -43,7 +43,7 @@ jobs: uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - name: Set up Python ${{ matrix.python }} - uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984 # v4.3.0 + uses: actions/setup-python@5ccb29d8773c3f3f653e1705f474dfaa8a06a912 # v4.4.0 with: python-version: ${{ matrix.python }} diff --git a/.github/workflows/pr-conventional-commits.yaml b/.github/workflows/pr-conventional-commits.yaml index 0e308b27b..ee8477482 100644 --- a/.github/workflows/pr-conventional-commits.yaml +++ b/.github/workflows/pr-conventional-commits.yaml @@ -30,7 +30,7 @@ jobs: fetch-depth: 0 - name: Set up Python - uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984 # v4.3.0 + uses: actions/setup-python@5ccb29d8773c3f3f653e1705f474dfaa8a06a912 # v4.4.0 with: python-version: '3.11' diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index c9c00e74e..0819a3414 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -44,7 +44,7 @@ jobs: token: ${{ secrets.REPO_ACCESS_TOKEN }} - name: Set up Python - uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984 # v4.3.0 + uses: actions/setup-python@5ccb29d8773c3f3f653e1705f474dfaa8a06a912 # v4.4.0 with: python-version: '3.11' @@ -110,7 +110,7 @@ jobs: # Create the Release Notes using commitizen. - name: Set up Python - uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984 # v4.3.0 + uses: actions/setup-python@5ccb29d8773c3f3f653e1705f474dfaa8a06a912 # v4.4.0 with: python-version: '3.11' From ad2f7ec7af2558bd047ce85055284d1cf16d65e3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 27 Dec 2022 11:49:42 +0000 Subject: [PATCH 08/25] chore(deps-dev): update pre-commit requirement (#12) --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 73d22432e..964e795e4 100644 
--- a/pyproject.toml +++ b/pyproject.toml @@ -74,7 +74,7 @@ docs = [ "numpydoc >=1.5.0,<2.0.0", ] hooks = [ - "pre-commit >=2.18.0,<=2.20.0", + "pre-commit >=2.18.0,<2.22.0", ] # Note that the `custom_exit_code` and `env` plugins may currently be unmaintained. test = [ From 5b0fbb5eca1e093eb30add6c5c45941984c943f0 Mon Sep 17 00:00:00 2001 From: Behnaz Hassanshahi Date: Fri, 30 Dec 2022 02:31:51 +1000 Subject: [PATCH 09/25] chore(deps): use the fix for GHSA-hcpj-qp55-gfph (#13) Signed-off-by: behnazh-w --- Makefile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/Makefile b/Makefile index f0d1db7e8..fd5f902e2 100644 --- a/Makefile +++ b/Makefile @@ -160,14 +160,12 @@ requirements.txt: pyproject.toml # editable mode (like the one in development here) because they may not have # a PyPI entry; also print out CVE description and potential fixes if audit # found an issue. -# TODO: do not ignore GHSA-hcpj-qp55-gfph once the patch is out. -# See: https://github.com/gitpython-developers/GitPython/issues/1515. .PHONY: audit audit: if ! $$(python -c "import pip_audit" &> /dev/null); then \ echo "No package pip_audit installed, upgrade your environment!" && exit 1; \ fi; - python -m pip_audit --skip-editable --desc on --fix --dry-run --ignore-vuln GHSA-hcpj-qp55-gfph + python -m pip_audit --skip-editable --desc on --fix --dry-run # Run some or all checks over the package code base. .PHONY: check check-code check-bandit check-flake8 check-lint check-mypy check-go From 42c82f24a97a169f8f56ddf61538567227669183 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Jan 2023 18:46:27 +0000 Subject: [PATCH 10/25] chore(deps-dev): update sphinx requirement (#14) --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 964e795e4..73c7321db 100644 --- a/pyproject.toml +++ b/pyproject.toml 
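Review bot: Dropping `--ignore-vuln GHSA-hcpj-qp55-gfph` from the `audit` recipe only helps if the resolved environment actually contains the patched GitPython, and the diffstat shows this commit changes nothing but the Makefile. None of the direct dependencies visible in the pyproject.toml hunks of this series names GitPython, so it presumably arrives transitively; if so, consider adding an explicit lower bound for the fixed release in pyproject.toml so an older resolution cannot bring the vulnerable version back. A short comment above the recipe, such as `# GHSA-hcpj-qp55-gfph is no longer ignored; upgrade the environment if audit reports it.`, would tell developers with an existing environment why the target now flags it.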
@@ -68,7 +68,7 @@ dev = [ "cyclonedx-bom >=3.5.0,<4.0.0", ] docs = [ - "sphinx >=5.3.0,<6.0.0", + "sphinx >=5.3.0,<7.0.0", "sphinx-autodoc-typehints >=1.19.4,<2.0.0", "sphinx-rtd-theme >=1.0.0,<2.0.0", "numpydoc >=1.5.0,<2.0.0", From fbb276fa73671ac2f370a4cb3dae07320cae7e75 Mon Sep 17 00:00:00 2001 From: Behnaz Hassanshahi Date: Wed, 4 Jan 2023 12:13:16 +1000 Subject: [PATCH 11/25] chore(deps): enable Dependabot to check Go deps (#15) Signed-off-by: behnazh-w --- .github/dependabot.yaml | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml index 444a20b4d..5173fb977 100644 --- a/.github/dependabot.yaml +++ b/.github/dependabot.yaml @@ -1,4 +1,4 @@ -# Copyright (c) 2022 - 2022, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2022 - 2023, Oracle and/or its affiliates. All rights reserved. # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. # This configuration file enables Dependabot version updates. @@ -36,3 +36,18 @@ updates: # https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#reviewers # reviewers: # - + +- package-ecosystem: gomod + directory: / + schedule: + interval: weekly + commit-message: + prefix: chore + prefix-development: chore + include: scope + open-pull-requests-limit: 13 + target-branch: staging + # Add additional reviewers for PRs opened by Dependabot. For more information, see: + # https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#reviewers + # reviewers: + # - From 2876d54b3dfabf96a43fe34809fac90c30e1677d Mon Sep 17 00:00:00 2001 From: Behnaz Hassanshahi Date: Wed, 4 Jan 2023 15:56:43 +1000 Subject: [PATCH 12/25] chore: enable CodeQL for Go (#18) 
Signed-off-by: behnazh-w --- .github/workflows/codeql-analysis.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml index 58c446184..6b89c75c9 100644 --- a/.github/workflows/codeql-analysis.yaml +++ b/.github/workflows/codeql-analysis.yaml @@ -1,4 +1,4 @@ -# Copyright (c) 2022 - 2022, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2022 - 2023, Oracle and/or its affiliates. All rights reserved. # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. # Run CodeQL over the package. For more configuration options see codeql/codeql-config.yaml @@ -17,6 +17,7 @@ on: # Avoid unnecessary scans of pull requests. paths: - '**/*.py' + - '**/*.go' schedule: - cron: 20 15 * * 3 permissions: @@ -35,7 +36,7 @@ jobs: matrix: # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] # Learn more about CodeQL language support at https://git.io/codeql-language-support - language: [python] + language: [python, go] python: ['3.11'] steps: From d0b648401e1c7248b518a5eebba07daac3cf9e4f Mon Sep 17 00:00:00 2001 From: Behnaz Hassanshahi Date: Wed, 4 Jan 2023 18:09:43 +1000 Subject: [PATCH 13/25] chore: update the copyright header at a specific line (#17) Signed-off-by: behnazh-w --- scripts/dev_scripts/copyright-checker.sh | 40 ++++++++++++++++++------ 1 file changed, 31 insertions(+), 9 deletions(-) diff --git a/scripts/dev_scripts/copyright-checker.sh b/scripts/dev_scripts/copyright-checker.sh index 88233a58f..dba92a368 100755 --- a/scripts/dev_scripts/copyright-checker.sh +++ b/scripts/dev_scripts/copyright-checker.sh 
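Review bot: Adding `go` to the `language` matrix in the `@@ -35,7 +36,7 @@` hunk adds a Go leg to the job, but the only toolchain step visible for this workflow in the series is `Set up Python ${{ matrix.python }}`; nothing sets up or pins a Go toolchain. If no such step exists outside the hunks, the Go analysis runs with whatever Go version the runner image ships, which may not match go.mod and can reduce what CodeQL is able to extract. Consider a SHA-pinned `actions/setup-go` step guarded by `if: matrix.language == 'go'`, and add `go.mod` and `go.sum` next to `'**/*.go'` in the `paths` filter so dependency-only changes are also scanned on pull requests. The job's step list continues outside the hunk.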
@@ -1,6 +1,6 @@ #!/usr/bin/env bash -# Copyright (c) 2022 - 2022, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2022 - 2023, Oracle and/or its affiliates. All rights reserved. # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. # @@ -10,6 +10,7 @@ files=$(git diff --cached --name-only) currentyear=$(date +"%Y") missing_copyright_files=() +license_note="Licensed under the Universal Permissive License v 1.0 as shown at https:\/\/oss\.oracle\.com\/licenses\/upl\/\." for f in $files; do 
@@ -29,25 +30,46 @@ done if [ ${#missing_copyright_files[@]} -ne 0 ]; then for f in "${missing_copyright_files[@]}"; do + + # Don't allow this script to run on itself. + if [[ $0 == $f ]];then + echo "Cannot run the $0 on itself. Please fix the headers in this file manually." + exit 1 + fi + missing_license_note=$(grep -i "$license_note" "$f") startyear=$(git log --format=%ad --date=format:%Y "$f" | tail -1) if [[ -z "${startyear// }" ]]; then startyear=$currentyear fi if [[ $f =~ .*\.(js$|java$|go$|dl$) ]]; then expected="\/\* Copyright \(c\) $startyear - $currentyear, Oracle and\/or its affiliates\. All rights reserved\. \*\/" - expected="$expected\n\/\* Licensed under the Universal Permissive License v 1.0 as shown at https:\/\/oss\.oracle\.com\/licenses\/upl\/\. \*\/" + if [ ${#missing_license_note} -eq 0 ]; then + expected="$expected\n\/\* $license_note \*\/" + fi elif [[ $f =~ .*\.(py$|tf$|sh$|yaml$) ]] || [[ "${f##*/}" = "Dockerfile" ]]; then expected="# Copyright \(c\) $startyear - $currentyear, Oracle and\/or its affiliates\. All rights reserved\." - expected="$expected\n# Licensed under the Universal Permissive License v 1.0 as shown at https:\/\/oss\.oracle\.com\/licenses\/upl\/\." - + if [ ${#missing_license_note} -eq 0 ]; then + expected="$expected\n# $license_note" + fi fi - if ! grep -i -e "Copyright (c) .* Oracle and/or its affiliates. All rights reserved" "$f" 1>/dev/null;then - echo "Copyright header missing for $f" - sed -i "1s/^/$expected\n\n/" "$f" + # Find the first matching copyright line. + line_number=$(grep -m 1 -n -i -e "Copyright (c) .* Oracle and/or its affiliates. All rights reserved" "$f" | cut -d : -f 1) + if [[ -z "$line_number" ]]; then + echo "Copyright header missing for $f." + + # Check for executable scripts and don't replace the first line starting with shebang. + shebang_line=$(grep -m 1 -n "#!" "$f") + if [[ -z "$shebang_line" ]];then + # If there is no shebang, insert at the first line. 
+ sed -i "1s/^/$expected\n\n/" "$f" + else + # If there is a shebang, append to the end of the line. + sed -i "$(echo $shebang_line | cut -d : -f 1)""s/$/\n\n$expected/" "$f" + fi else - echo "Copyright header needs update for $f" - sed -i "1s/^.*/$expected/" "$f" + echo "Copyright header needs update for $f." + sed -i "$line_number""s/^.*/$expected/" "$f" fi done echo "Copyright headers have been automatically added/updated. Please review and stage the changes before running git commit again." From 7e740cac4374a62ee628a5005cb9a086d03e6e4c Mon Sep 17 00:00:00 2001 From: Behnaz Hassanshahi Date: Thu, 5 Jan 2023 11:26:31 +1000 Subject: [PATCH 14/25] build: add separate target to setup binaries (#20) Signed-off-by: behnazh-w --- Makefile | 24 +++++++++++++++--------- scripts/dev_scripts/copyright-checker.sh | 4 ++-- 2 files changed, 17 insertions(+), 11 deletions(-) diff --git a/Makefile b/Makefile index fd5f902e2..a2dbafeb2 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -# Copyright (c) 2022 - 2022, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2022 - 2023, Oracle and/or its affiliates. All rights reserved. # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. # Use bash as the shell when executing a rule's recipe. For more details: 
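Review bot: The shebang lookup `grep -m 1 -n "#!" "$f"` is not anchored to the first line, so a file that merely contains `#!` somewhere in its body gets the header inserted after that line instead of at the top; restrict it to line 1 with `shebang_line=$(head -n 1 "$f" | grep -n '^#!')`, which still yields `1:...` for the later `cut`. The self-check `[[ $0 == $f ]]` compares the invocation path with a repo-relative name from `git diff --cached --name-only` and treats the unquoted right-hand side as a glob pattern, so it can miss when the hook is started through an absolute or `./` path; `[[ "$0" -ef "$f" ]]` compares the files themselves. The `exit 1` in that guard sits inside the loop, so files handled in earlier iterations have already been rewritten by `sed -i` when the script aborts. `missing_license_note` holds the matching line (empty means the note is missing), so a name such as `license_note_match` would read correctly at the `${#...} -eq 0` tests.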
@@ -83,25 +83,27 @@ venv: # The _build.yaml GitHub Actions workflow expects dist directory to exist. # So we create the dist dir if it doesn't exist in the setup target. # See https://packaging.python.org/en/latest/tutorials/packaging-projects/#generating-distribution-archives. -# We also install SLSA verifier, mvnw, cyclonedx-go, and compile the Go modules. +# We also install cyclonedx-go to generate SBOM for Go, compile the Go modules, +# install SLSA verifier binary, and download mvnw. .PHONY: setup -setup: force-upgrade setup-go +setup: force-upgrade setup-go setup-binaries pre-commit install mkdir -p dist + go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@v1.3.0 +setup-go: + go build -o $(MACARON_PATH)/bin/ $(MACARON_PATH)/golang/cmd/... +setup-binaries: $(MACARON_PATH)/bin/slsa-verifier $(MACARON_PATH)/resources/mvnw +$(MACARON_PATH)/bin/slsa-verifier: git clone --depth 1 https://github.com/slsa-framework/slsa-verifier.git -b v2.0.1 cd slsa-verifier/cli/slsa-verifier && go build -o $(MACARON_PATH)/bin/ cd $(MACARON_PATH) && rm -rf slsa-verifier - go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@v1.3.0 - echo "GOPATH=$$GOPATH" - ls $$HOME/go/bin +$(MACARON_PATH)/resources/mvnw: cd resources \ && wget https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper-distribution/3.1.1/maven-wrapper-distribution-3.1.1-bin.zip \ && unzip -o maven-wrapper-distribution-3.1.1-bin.zip \ && rm -r maven-wrapper-distribution-3.1.1-bin.zip \ && echo -e "distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.6/apache-maven-3.8.6-bin.zip\nwrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.1/maven-wrapper-3.1.1.jar" > .mvn/wrapper/maven-wrapper.properties \ && cd $(MACARON_PATH) -setup-go: - go build -o $(MACARON_PATH)/bin/ $(MACARON_PATH)/golang/cmd/... 
# Install or upgrade an existing virtual environment based on the # package dependencies declared in pyproject.toml and go.mod. @@ -258,7 +260,11 @@ clean: dist-clean bin-clean nuke-caches: clean find src/ -type d -name __pycache__ -exec rm -fr {} + find tests/ -type d -name __pycache__ -exec rm -fr {} + -nuke: nuke-caches +nuke-mvnw: + cd $(MACARON_PATH)/resources \ + && rm mvnw mvnw.cmd mvnwDebug mvnwDebug.cmd \ + && cd $(MACARON_PATH) +nuke: nuke-caches nuke-mvnw if [ ! -z "${VIRTUAL_ENV}" ]; then \ echo "Please deactivate the virtual environment first!" && exit 1; \ fi diff --git a/scripts/dev_scripts/copyright-checker.sh b/scripts/dev_scripts/copyright-checker.sh index dba92a368..8f4abe9cd 100755 --- a/scripts/dev_scripts/copyright-checker.sh +++ b/scripts/dev_scripts/copyright-checker.sh @@ -22,7 +22,7 @@ for f in $files; do startyear=$currentyear fi if ! grep -i -e "Copyright (c) $startyear - $currentyear, Oracle and/or its affiliates. All rights reserved." "$f" 1>/dev/null;then - if [[ $f =~ .*\.(js$|py$|java$|tf$|go$|sh$|dl$|yaml$) ]] || [[ "${f##*/}" = "Dockerfile" ]];then + if [[ $f =~ .*\.(js$|py$|java$|tf$|go$|sh$|dl$|yaml$) ]] || [[ "${f##*/}" = "Dockerfile" ]] || [[ "${f##*/}" = "Makefile" ]];then missing_copyright_files+=("$f") fi fi @@ -46,7 +46,7 @@ if [ ${#missing_copyright_files[@]} -ne 0 ]; then if [ ${#missing_license_note} -eq 0 ]; then expected="$expected\n\/\* $license_note \*\/" fi - elif [[ $f =~ .*\.(py$|tf$|sh$|yaml$) ]] || [[ "${f##*/}" = "Dockerfile" ]]; then + elif [[ $f =~ .*\.(py$|tf$|sh$|yaml$) ]] || [[ "${f##*/}" = "Dockerfile" ]] || [[ "${f##*/}" = "Makefile" ]]; then expected="# Copyright \(c\) $startyear - $currentyear, Oracle and\/or its affiliates\. All rights reserved\." if [ ${#missing_license_note} -eq 0 ]; then expected="$expected\n# $license_note" From 29065881437303f490a595832f250b017e3666e6 Mon Sep 17 00:00:00 2001 
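Review bot: The new file targets `$(MACARON_PATH)/bin/slsa-verifier` and `$(MACARON_PATH)/resources/mvnw` fetch and install executables without any integrity check: the clone is pinned only to the tag `v2.0.1`, which can be moved upstream, and the Maven wrapper zip is unpacked directly after `wget`. Because these are now file targets that are skipped once the file exists, whatever was fetched on the first run is kept and reused, so verification has to happen at fetch time. After the clone, compare the checked-out commit with a recorded value, e.g. `test "$$(git -C slsa-verifier rev-parse HEAD)" = "<PINNED_COMMIT_SHA placeholder>"`, and before `unzip` run `echo "<SHA256 placeholder>  maven-wrapper-distribution-3.1.1-bin.zip" | sha256sum -c -`. That brings the Makefile in line with the full-SHA pinning already used for the actions in this repository's workflows.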
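Review bot: `nuke-mvnw` uses a plain `rm mvnw mvnw.cmd mvnwDebug mvnwDebug.cmd`, which exits non-zero when any of those files is absent, so `make nuke` stops at this prerequisite on a checkout where `setup-binaries` never ran or only partly completed. Use `rm -f mvnw mvnw.cmd mvnwDebug mvnwDebug.cmd` so the clean-up is idempotent. The hunk does not show `nuke-mvnw` being added to a `.PHONY` declaration; if it is not declared elsewhere, add it so a stray file of that name cannot mask the target. The `nuke` recipe continues outside the hunk.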
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Jan 2023 15:28:40 +0000 Subject: [PATCH 15/25] chore(deps-dev): update hypothesis requirement (#26) --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 73c7321db..68fd1832c 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -78,7 +78,7 @@ hooks = [ ] # Note that the `custom_exit_code` and `env` plugins may currently be unmaintained. test = [ - "hypothesis >=6.21.0,<6.61.1", + "hypothesis >=6.21.0,<6.62.1", "pytest >=7.2.0,<8.0.0", "pytest-custom_exit_code >=0.3.0,<1.0.0", "pytest-cov >=4.0.0,<5.0.0", From f0a9e91f317c86cdbb65169013ab2bd3d3ce7e7a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Jan 2023 15:29:26 +0000 Subject: [PATCH 16/25] chore(deps-dev): update packaging requirement (#25) --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 68fd1832c..056f1dee6 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -25,7 +25,7 @@ dependencies = [ "requests >=2.28.0,<3.0.0", "pydriller >=2.0,<3.0.0", "yamale >=4.0.3,<5.0.0", - "packaging >=21.3,<23.0.0", + "packaging >=21.3,<24.0.0", "jinja2 >=3.1.2,<4.0.0" ] keywords = [] From cdd99ed105807f6396687253166267670abac55a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Jan 2023 15:29:39 +0000 Subject: [PATCH 17/25] chore(deps-dev): update pylint requirement (#24) --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 056f1dee6..aab22240e 100644 --- a/pyproject.toml +++ b/pyproject.toml 
@@ -64,7 +64,7 @@ dev = [
 # Exclude pip-audit v2.4.9 because it has a bug.
 # See https://github.com/pypa/pip-audit/commit/22d7e4c7f5acd20852c57b52b46e861a716ab09f.
 "pip-audit >=2.4.8,<3.0.0,!=2.4.9",
- "pylint >=2.9.3,<2.15.10",
+ "pylint >=2.9.3,<2.15.11",
 "cyclonedx-bom >=3.5.0,<4.0.0",
 ]
 docs = [
From f1e2bd976f9179526ab88296d40bdf12df28cc3f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 9 Jan 2023 15:34:55 +0000
Subject: [PATCH 18/25] chore(deps): bump actions/checkout from 3.2.0 to 3.3.0 (#23)
---
 .github/workflows/_build.yaml | 2 +-
 .github/workflows/codeql-analysis.yaml | 2 +-
 .github/workflows/pr-conventional-commits.yaml | 2 +-
 .github/workflows/release.yaml | 6 +++---
 .github/workflows/scorecards-analysis.yaml | 2 +-
 5 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/_build.yaml b/.github/workflows/_build.yaml
index f4c997f03..5af880f55 100644
--- a/.github/workflows/_build.yaml
+++ b/.github/workflows/_build.yaml
@@ -51,7 +51,7 @@ jobs:
 steps:
 - name: Check out repository
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
+ uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
 with:
 fetch-depth: 0
diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml
index 6b89c75c9..bb349171e 100644
--- a/.github/workflows/codeql-analysis.yaml
+++ b/.github/workflows/codeql-analysis.yaml
@@ -41,7 +41,7 @@ jobs:
 steps:
 - name: Checkout repository
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
+ uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
 - name: Set up Python ${{ matrix.python }}
 uses: actions/setup-python@5ccb29d8773c3f3f653e1705f474dfaa8a06a912 # v4.4.0
diff --git a/.github/workflows/pr-conventional-commits.yaml b/.github/workflows/pr-conventional-commits.yaml
index ee8477482..dcaffe4f8 100644
--- a/.github/workflows/pr-conventional-commits.yaml
+++ b/.github/workflows/pr-conventional-commits.yaml
@@ -25,7 +25,7 @@ jobs:
 steps:
 - name: Check out repository
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
+ uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
 with:
 fetch-depth: 0
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 0819a3414..253c23ae1 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -38,7 +38,7 @@ jobs:
 steps:
 - name: Check out repository
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
+ uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
 with:
 fetch-depth: 0
 token: ${{ secrets.REPO_ACCESS_TOKEN }}
@@ -88,7 +88,7 @@ jobs:
 steps:
 - name: Check out repository
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
+ uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
 with:
 fetch-depth: 0
@@ -183,7 +183,7 @@ jobs:
 steps:
 - name: Check out repository
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.0.2
+ uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.0.2
 with:
 fetch-depth: 0
diff --git a/.github/workflows/scorecards-analysis.yaml b/.github/workflows/scorecards-analysis.yaml
index 9be1a1196..60ee7463c 100644
--- a/.github/workflows/scorecards-analysis.yaml
+++ b/.github/workflows/scorecards-analysis.yaml
@@ -29,7 +29,7 @@ jobs:
 steps:
 - name: Check out repository
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
+ uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
 with:
 persist-credentials: false
From a088d4ea3b67b949346364a5ddc52440b2b96830 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 9 Jan 2023 15:35:16 +0000
Subject: [PATCH 19/25] chore(deps): bump actions/upload-artifact from 3.1.1 to 3.1.2 (#22)
---
 .github/workflows/_build.yaml | 2 +-
 .github/workflows/scorecards-analysis.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/_build.yaml b/.github/workflows/_build.yaml
index 5af880f55..08a9ef5bc 100644
--- a/.github/workflows/_build.yaml
+++ b/.github/workflows/_build.yaml
@@ -123,7 +123,7 @@ jobs:
 # Currently reusable workflows do not support setting strategy property from the caller workflow.
 - name: Upload the package artifact for debugging and release
 if: matrix.os == env.ARTIFACT_OS && matrix.python == env.ARTIFACT_PYTHON
- uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1
+ uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
 with:
 name: artifact-${{ matrix.os }}-python-${{ matrix.python }}
 path: |
diff --git a/.github/workflows/scorecards-analysis.yaml b/.github/workflows/scorecards-analysis.yaml
index 60ee7463c..4c3fdf843 100644
--- a/.github/workflows/scorecards-analysis.yaml
+++ b/.github/workflows/scorecards-analysis.yaml
@@ -49,7 +49,7 @@ jobs:
 # Upload the results as artifacts (optional).
 - name: Upload artifact
- uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1
+ uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
 with:
 name: SARIF file
 path: results.sarif
From 77bacf63614a4673c9d8e9dd8ad5accb40c2f39b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 9 Jan 2023 15:35:33 +0000
Subject: [PATCH 20/25] chore(deps): bump actions/download-artifact from 3.0.1 to 3.0.2 (#21)
---
 .github/workflows/release.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 253c23ae1..36d2b7a59 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -93,7 +93,7 @@ jobs:
 fetch-depth: 0
 - name: Download artifact
- uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3.0.1
+ uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
 with:
 name: ${{ env.ARTIFACT_NAME }}
 path: dist
@@ -188,7 +188,7 @@ jobs:
 fetch-depth: 0
 - name: Download provenance
- uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3.0.1
+ uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
 with:
 name: ${{ needs.provenance.outputs.provenance-name }}
From 5d3fc4a1ae91c358d60640a1e920f39127be8146 Mon Sep 17 00:00:00 2001
From: Behnaz Hassanshahi
Date: Tue, 10 Jan 2023 02:30:19 +1000
Subject: [PATCH 21/25] chore(deps): fix the checkout action semantic version (#27)
Signed-off-by: behnazh-w
---
 .github/workflows/release.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 36d2b7a59..3e5a9291b 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -1,4 +1,4 @@
-# Copyright (c) 2022 - 2022, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2022 - 2023, Oracle and/or its affiliates. All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/.
 # We run checks on pushing to the specified branches.
@@ -183,7 +183,7 @@ jobs:
 steps:
 - name: Check out repository
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.0.2
+ uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
 with:
 fetch-depth: 0
From e59412d72f7ba8faf8f75bcdc13bdcb8babe6d6c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 24 Jan 2023 08:10:09 +0000
Subject: [PATCH 22/25] chore(deps-dev): update hypothesis requirement (#32)
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pyproject.toml b/pyproject.toml
index aab22240e..352110888 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -78,7 +78,7 @@ hooks = [
 ]
 # Note that the `custom_exit_code` and `env` plugins may currently be unmaintained.
 test = [
- "hypothesis >=6.21.0,<6.62.1",
+ "hypothesis >=6.21.0,<6.64.1",
 "pytest >=7.2.0,<8.0.0",
 "pytest-custom_exit_code >=0.3.0,<1.0.0",
 "pytest-cov >=4.0.0,<5.0.0",
From 11e0099b77d16152e42cc0acd5cc155664479684 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 24 Jan 2023 08:11:21 +0000
Subject: [PATCH 23/25] chore(deps): bump github/codeql-action from 2.1.37 to 2.1.39 (#31)
---
 .github/workflows/codeql-analysis.yaml | 4 ++--
 .github/workflows/scorecards-analysis.yaml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml
index bb349171e..91dc4b43f 100644
--- a/.github/workflows/codeql-analysis.yaml
+++ b/.github/workflows/codeql-analysis.yaml
@@ -56,7 +56,7 @@ jobs:
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
- uses: github/codeql-action/init@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2.1.37
+ uses: github/codeql-action/init@a34ca99b4610d924e04c68db79e503e1f79f9f02 # v2.1.39
 with:
 languages: ${{ matrix.language }}
 config-file: .github/codeql/codeql-config.yaml
@@ -69,4 +69,4 @@ jobs:
 # queries: ./path/to/local/query, your-org/your-repo/queries@main
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2.1.37
+ uses: github/codeql-action/analyze@a34ca99b4610d924e04c68db79e503e1f79f9f02 # v2.1.39
diff --git a/.github/workflows/scorecards-analysis.yaml b/.github/workflows/scorecards-analysis.yaml
index 4c3fdf843..f175264f2 100644
--- a/.github/workflows/scorecards-analysis.yaml
+++ b/.github/workflows/scorecards-analysis.yaml
@@ -56,6 +56,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard.
 - name: Upload to code-scanning
- uses: github/codeql-action/upload-sarif@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2.1.37
+ uses: github/codeql-action/upload-sarif@a34ca99b4610d924e04c68db79e503e1f79f9f02 # v2.1.39
 with:
 sarif_file: results.sarif
From bc80e6e4b554677828c149f43a72ba49e7ee9425 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 24 Jan 2023 08:12:34 +0000
Subject: [PATCH 24/25] chore(deps): bump actions/setup-python from 4.4.0 to 4.5.0 (#30)
---
 .github/workflows/_build.yaml | 2 +-
 .github/workflows/codeql-analysis.yaml | 2 +-
 .github/workflows/pr-conventional-commits.yaml | 2 +-
 .github/workflows/release.yaml | 4 ++--
 4 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/_build.yaml b/.github/workflows/_build.yaml
index 08a9ef5bc..f0dfe6712 100644
--- a/.github/workflows/_build.yaml
+++ b/.github/workflows/_build.yaml
@@ -56,7 +56,7 @@ jobs:
 fetch-depth: 0
 - name: Set up Python
- uses: actions/setup-python@5ccb29d8773c3f3f653e1705f474dfaa8a06a912 # v4.4.0
+ uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 # v4.5.0
 with:
 python-version: ${{ matrix.python }}
diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml
index 91dc4b43f..e7ff2f4c7 100644
--- a/.github/workflows/codeql-analysis.yaml
+++ b/.github/workflows/codeql-analysis.yaml
@@ -44,7 +44,7 @@ jobs:
 uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
 - name: Set up Python ${{ matrix.python }}
- uses: actions/setup-python@5ccb29d8773c3f3f653e1705f474dfaa8a06a912 # v4.4.0
+ uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 # v4.5.0
 with:
 python-version: ${{ matrix.python }}
diff --git a/.github/workflows/pr-conventional-commits.yaml b/.github/workflows/pr-conventional-commits.yaml
index dcaffe4f8..b3f81670e 100644
--- a/.github/workflows/pr-conventional-commits.yaml
+++ b/.github/workflows/pr-conventional-commits.yaml
@@ -30,7 +30,7 @@ jobs:
 fetch-depth: 0
 - name: Set up Python
- uses: actions/setup-python@5ccb29d8773c3f3f653e1705f474dfaa8a06a912 # v4.4.0
+ uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 # v4.5.0
 with:
 python-version: '3.11'
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 3e5a9291b..cf957b07c 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -44,7 +44,7 @@ jobs:
 token: ${{ secrets.REPO_ACCESS_TOKEN }}
 - name: Set up Python
- uses: actions/setup-python@5ccb29d8773c3f3f653e1705f474dfaa8a06a912 # v4.4.0
+ uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 # v4.5.0
 with:
 python-version: '3.11'
@@ -110,7 +110,7 @@ jobs:
 # Create the Release Notes using commitizen.
 - name: Set up Python
- uses: actions/setup-python@5ccb29d8773c3f3f653e1705f474dfaa8a06a912 # v4.4.0
+ uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 # v4.5.0
 with:
 python-version: '3.11'
From c5d7e57dbbdba950a7c5b82988dd78503f43f193 Mon Sep 17 00:00:00 2001
From: Behnaz Hassanshahi
Date: Wed, 25 Jan 2023 11:20:02 +1000
Subject: [PATCH 25/25] ci: remove CodeQL Python version from matrix (#36)
Signed-off-by: behnazh-w
---
 .github/workflows/codeql-analysis.yaml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml
index e7ff2f4c7..d1ed59c3f 100644
--- a/.github/workflows/codeql-analysis.yaml
+++ b/.github/workflows/codeql-analysis.yaml
@@ -37,7 +37,6 @@ jobs:
 # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
 # Learn more about CodeQL language support at https://git.io/codeql-language-support
 language: [python, go]
- python: ['3.11']
 steps:
 - name: Checkout repository
@@ -46,7 +45,7 @@ jobs:
 - name: Set up Python ${{ matrix.python }}
 uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 # v4.5.0
 with:
- python-version: ${{ matrix.python }}
+ python-version: '3.11'
 # For more details see the comment in _build.yaml.
 - name: Create empty virtual environment for Actions
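Review bot: The step name `Set up Python ${{ matrix.python }}`, kept as a context line in the second hunk, still reads `matrix.python`, which the first hunk removes from the matrix; the expression now evaluates to an empty string, so the step shows up in the run log as "Set up Python " with no version. Change that line to `- name: Set up Python`, the name the same step carries in pr-conventional-commits.yaml and release.yaml, or spell the pinned version out as `- name: Set up Python 3.11`. The job definition continues outside the hunk.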